Using the Secure Shell (SSH) authentication method on target Windows operating systems

For hosts running Windows operating systems, support for the SSH protocol requires the addition of a third-party product, such as SSH on CYGWIN, on the target Windows host, and the software package you are installing will be installed under CYGWIN. Since WebSphere Application Server does not officially support installing under CYGWIN, this tool has only been tested to verify that the centralized installation manager (CIM) can be used to install a software package on Windows targets using SSH public/private key authentication. Other SSH support for Windows operating systems has not been tested and is not supported by CIM.

Before you begin

Use the information provided in this topic only if you want to use the SSH public/private key authentication method to access remote target workstations that are running any of the Windows operating systems. You can skip this topic if you plan to use the user name and password authentication method to access the installation targets.

Ensure that the CYGWIN SSH server is installed on the Windows target workstation.

In a typical setup, the CYGWIN sshd server runs as a Windows service under the Local SYSTEM account (or, on a Windows 2003 Server, under a local account, sshd_server, that is created specifically with special privileges to run the service). With an SSH server configured and started on the Windows target, the server authenticates user logins using a public/private key pair. With this setup, however, installation programs that are located on the Windows target and invoked by the centralized installation manager (which uses SSH public/private key authentication to gain access to the target workstation) run under the identity of the account that the SSH server is running under. This causes problems with certain centralized installation manager operations when the files or directories that the operation acts on were created under a different identity. To work around this, change the CYGWIN sshd service to log on with the same account, root, that is used to install software on that specific target Windows workstation.

Restriction: When installing WebSphere Application Server Version 8.0 on Windows targets using SSH public/private key authentication, do not specify an installation directory path that contains one or more spaces. Spaces in the installation path cause failures in some Windows bat files when the input argument also contains spaces.

About this task

Assuming that a local ID root that has Administrator authority to install software on the Windows workstation has been created, complete the following steps to change the CYGWIN sshd server to run under the ID root:

Procedure

  1. Change the login ID of the CYGWIN sshd service.
    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Services.
    2. From the Services window, right-click CYGWIN sshd, and select Properties.
    3. From the Properties window, select the General tab, and click Stop to stop the sshd service.
    4. Next, select the Log on tab. Under the Log on as section or prompt, clear the Local System account radio button, and select This account.
    5. Type .\root as the ID and type the password for the account. Click Apply.
  2. Grant additional rights to the root account. Ensure that the account has the required privileges in addition to membership in the Administrators group.
    1. From the Windows Start menu, click Settings > Control Panel > Administrative Tools > Local Security Policy.
    2. From the Local Security Settings window, expand Local Policies, and select User Rights Assignment.
    3. From the resulting page that is displayed on the right, verify that the root account has the following four rights:
      • Adjust memory quotas for a process
      • Create a token object
      • Log on as a service
      • Replace a process level token

      If not, add root as a user with the four rights.

  3. Close the Local Security Settings window.
  4. From a CYGWIN console panel, change ownership of the following directories and files to root:
    • chown root /var/log/sshd.log
    • chown -R root /var/empty
    • chown root /etc/ssh*
  5. Restart the CYGWIN sshd service.

    From the Properties page of the CYGWIN sshd service, select the General tab, and click Start. Verify that the service is now running under the root user account.
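
A post-change check for steps 2 and 4, written as an added example (not IBM's code) to run from a CYGWIN console. It assumes GNU stat is available and uses the standard Windows constant names for the four user rights; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code. Function names are hypothetical.
# Assumes GNU stat (present in CYGWIN coreutils).

# Windows constant names for the four rights listed in step 2:
#   Adjust memory quotas for a process -> SeIncreaseQuotaPrivilege
#   Create a token object              -> SeCreateTokenPrivilege
#   Log on as a service                -> SeServiceLogonRight
#   Replace a process level token      -> SeAssignPrimaryTokenPrivilege
REQUIRED_RIGHTS="SeIncreaseQuotaPrivilege SeCreateTokenPrivilege SeServiceLogonRight SeAssignPrimaryTokenPrivilege"

# missing_rights: reads the constants an account holds from stdin
# (whitespace or CRLF separated) and prints each required one that is absent.
missing_rights() {
    held=$(tr -s ' \t\r' '\n\n\n')
    for r in $REQUIRED_RIGHTS; do
        printf '%s\n' "$held" | grep -qx "$r" || printf '%s\n' "$r"
    done
}

# wrong_owner OWNER [PREFIX]: prints every path touched by the step 4 chown
# commands that is not owned by OWNER. PREFIX is empty on the live system and
# points at a scratch tree when testing.
wrong_owner() {
    owner=$1; prefix=${2:-}
    {
        ls -d "$prefix"/var/log/sshd.log "$prefix"/etc/ssh* 2>/dev/null
        find "$prefix/var/empty" 2>/dev/null
    } | while IFS= read -r p; do
        [ "$(stat -c %U "$p")" = "$owner" ] || printf '%s\n' "$p"
    done
}

# Constructed sample: an account that was never granted "Create a token object".
printf 'SeServiceLogonRight\r\nSeIncreaseQuotaPrivilege\r\nSeAssignPrimaryTokenPrivilege\r\n' |
    missing_rights
```

On the target, `wrong_owner root` checks the live paths and should print nothing. The input for `missing_rights` can come from any tool that prints the account's privilege constants, for example CYGWIN's `editrights -l -u root` where that utility is installed (an assumption; this topic does not document it).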

Results

You can now install product packages and maintenance to your Windows target workstations.

Troubleshooting: You might receive the following error when trying to connect to your Windows workstation using a non-administrator user ID and password:
XCIM0010E: An error occurred while connecting to the remote target ip_address.
Cause: CTGRI0011E An error occurred when accessing the remote registry or service control manager.
Many operations that CIM performs require access to resources that are not generally accessible by ordinary user accounts. Therefore, the account names that you use to log on to remote Windows machines must have administrative privileges. The simplest way is to add the user account to the Administrators group using the following steps:
  1. Right-click My Computer from your Windows desktop and select Manage.
  2. Expand Local Users and Groups on the resulting Computer Management window and select the Users folder.
  3. On the right panel, double-click the user account to open the Properties window for that account.
  4. Select the Member Of tab, and add the Administrators group to the list of groups that this account belongs to.

What to do next

From the administrative console, click System administration > Centralized Installation Manager > Installation targets.





Last updated: Feb 6, 2014 11:19:27 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-dist&topic=tins_cim_targets_ssh_windows
File name: tins_cim_targets_ssh_windows.html